On 1 August 2022, the Securities Commission Malaysia (“SC”) published a consultation paper and is seeking the public’s feedback on a proposed regulatory framework relating to the management of technology risks by the following capital market entities (“Proposed Regulatory Framework”).
- Bursa Malaysia Bhd and its subsidiaries;
- Federation of Investment Managers Malaysia;
- Private Pension Administrator Malaysia;
- Capital Markets Services License holders;
- Recognized market operators;
- Registered persons in Part 2 of Schedule 4 Capital Markets and Services Act 2007 (CMSA); and
- Capital market service provider registered under section 76A of the CMSA.
According to the SC, the Proposed Regulatory Framework is intended to:
- be two-pronged: (i) for all capital market entities to have a robust and sound technology risk management framework that promotes strong oversight of technology risks in the capital market entity, and (ii) ultimately for the capital market to be cyber resilient; and
- subsume the current requirements in the Guidelines on the Management of Cyber Risk that was issued in 2016, consolidate other requirements relating to technology risks management in the various guidelines issued by the SC and introduce new requirements.
The Proposed Regulatory Framework is part of the SC’s commitment to enhance governance and oversight of technology risks in capital market entities while further strengthening their technological resilience. The Proposed Regulatory Framework aims to further improve capital market entities’ ability and effectiveness in detecting and addressing an increasing range of technology risks due to the prevalent use of technology, emergence of new technologies and the growing sophistication of cyber threats.
The consultation paper in relation to the proposed regulatory framework is available at https://www.sc.com.my/regulation/consultation-papers
